CN109150684B - Message processing method and device, communication equipment and computer readable storage medium - Google Patents

Message processing method and device, communication equipment and computer readable storage medium Download PDF

Info

Publication number
CN109150684B
CN109150684B CN201810803037.6A CN201810803037A CN109150684B CN 109150684 B CN109150684 B CN 109150684B CN 201810803037 A CN201810803037 A CN 201810803037A CN 109150684 B CN109150684 B CN 109150684B
Authority
CN
China
Prior art keywords
application container
container engine
message
identification information
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810803037.6A
Other languages
Chinese (zh)
Other versions
CN109150684A (en
Inventor
徐燕成
王伟
周霁进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201810803037.6A priority Critical patent/CN109150684B/en
Publication of CN109150684A publication Critical patent/CN109150684A/en
Application granted granted Critical
Publication of CN109150684B publication Critical patent/CN109150684B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/146Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Abstract

The embodiment of the invention provides a message processing method, a message processing device, communication equipment and a computer readable storage medium, and relates to the technical field of communication. After the tunnel is established between the virtual equipment and the communication equipment, the communication equipment receives a message sent by an application container engine running on the virtual equipment, the message comprises ciphertext identification information of the application container engine, an address and a destination address of the virtual equipment, the ciphertext identification information is analyzed according to a preset private key to obtain the identification information of the application container engine, and a request message received from external terminal equipment is sent to the application container engine through the virtual equipment according to the identification information of the application container engine, the address and the destination address of the virtual equipment. The communication equipment can accurately send the request message sent by the external terminal equipment to the corresponding application container engine, and because the identification information of the application container engine can be obtained according to the message sent by the application container engine, the manual configuration of a large number of tunnel routes is effectively reduced.

Description

Message processing method and device, communication equipment and computer readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet, a communication device, and a computer-readable storage medium.
Background
With the rapid development of the mobile internet, the number of online users increases rapidly, and internet enterprises can establish a large number of virtual servers to deal with mass data storage. For example, a server of a certain internet company includes a plurality of Virtual servers, each Virtual server may establish a GRE (Generic Routing Encapsulation) tunnel with a Routing device, a Network of MPLS (Multi-Protocol Label Switching) L3(Layer3, three-Layer) VPN (Virtual Private Network) may be established between the Routing device and an external terminal device, each Virtual server runs an application container engine (docker), each Virtual server and each docker correspond to an address, and when a docker sends a message to an external terminal device, the Virtual server where the docker is located may change a source address of the message to an address of the Virtual server, so that the external terminal device may only know the address of the intranet Virtual server, for protecting the security of information; when the routing device receives a response message sent by the external interrupt device, the destination address of the response message is the address of the virtual server, so that the response message is forwarded to the virtual server, but the virtual server cannot determine which docker corresponds to the response message.
The existing processing method is to manually configure a static tunnel forwarding table on a routing device, and the routing device determines an address of a destination docker corresponding to a message according to the static tunnel forwarding table and forwards the message, but manually configuring the static tunnel forwarding table is too complicated, and the manually configured static tunnel forwarding table has a limited usage amount and is not easy to change, thereby reducing the message forwarding efficiency to a certain extent.
Disclosure of Invention
Embodiments of the present invention provide a message processing method, an apparatus, a communication device, and a computer-readable storage medium, so as to reduce manual configuration of a large number of tunnel routes and solve a problem that a request message sent by an external terminal device cannot be accurately sent to a corresponding application container engine.
In order to achieve the above purpose, the embodiment of the present invention adopts the following technical solutions:
in a first aspect, an embodiment of the present invention provides a packet processing method, which is applied to a communication device, where the communication device communicates with a plurality of virtual devices, and an application container engine runs on each virtual device, where the method includes: after the virtual device and the communication device establish a tunnel, receiving a message sent by an application container engine running on the virtual device, wherein the message comprises ciphertext identification information of the application container engine, an address of the virtual device and a destination address; analyzing the ciphertext identification information of the application container engine according to a preset private key to obtain the identification information of the application container engine; and sending a request message received from an external terminal device to the application container engine through the virtual device according to the identification information of the application container engine, the address of the virtual device and the destination address.
In a second aspect, an embodiment of the present invention further provides a packet processing method, which is applied to an application container engine of a virtual device, where the virtual device communicates with a communication device, and the method includes: after the virtual device and the communication device establish a tunnel, encrypting the identification information of the application container engine by using a preset private key to obtain ciphertext identification information of the application container engine; and sending a message to the communication equipment, wherein the message comprises the ciphertext identification information of the application container engine, the address and the destination address of the virtual equipment, so that the communication equipment can analyze the ciphertext identification information of the application container engine through the private key to obtain the identification information of the application container engine, and send a request message received from external terminal equipment to the application container engine through the virtual equipment according to the identification information of the application container engine, the address of the virtual equipment and the destination address.
In a third aspect, an embodiment of the present invention further provides a packet processing apparatus, which is applied to a communication device, where the communication device communicates with a plurality of virtual devices, and each virtual device runs an application container engine, where the apparatus includes: a message receiving module, configured to receive a message sent by an application container engine running on the virtual device after a tunnel is established between the virtual device and the communication device, where the message includes ciphertext identification information of the application container engine, an address of the virtual device, and a destination address; the ciphertext analysis module is used for analyzing the ciphertext identification information of the application container engine according to a preset private key to obtain the identification information of the application container engine; and the message processing module is used for sending a request message received from external terminal equipment to the application container engine through the virtual equipment according to the identification information of the application container engine, the address of the virtual equipment and the destination address.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is read by a processor and when executed, implements the method according to the first aspect.
In a fifth aspect, an embodiment of the present invention further provides a communication device, including a computer-readable storage medium storing a computer program and a processor, where the computer program is read by the processor and executed to implement the method according to the first aspect.
According to the message processing method, the message processing device, the communication equipment and the computer readable storage medium provided by the embodiment of the invention, after the virtual equipment and the communication equipment establish a tunnel, the communication equipment receives a message sent by an application container engine running on the virtual equipment, wherein the message comprises ciphertext identification information of the application container engine, an address and a destination address of the virtual equipment, the ciphertext identification information of the application container engine is analyzed according to a preset private key to obtain the identification information of the application container engine, and a request message received from external terminal equipment is sent to the application container engine through the virtual equipment according to the identification information of the application container engine, the address of the virtual equipment and the destination address. When the application container engine sends the message, the identification information of the application container engine is sent to the communication equipment in a ciphertext mode, so that the safety of intranet information is effectively protected; the communication equipment obtains the identification information of the application container engine by analyzing the ciphertext identification information, accurately sends the request message sent by the external terminal equipment to the corresponding application container engine through the virtual equipment according to the identification information of the application container engine, the address of the virtual equipment and the destination address of the message, and effectively avoids the defect that the static tunnel forwarding table is too complicated by manual configuration in the prior art because the communication equipment can obtain the identification information of the application container engine according to the message sent by the application container engine.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic diagram illustrating an application environment of a message processing method and apparatus according to an embodiment of the present invention.
Fig. 2 shows a block diagram of a communication device according to an embodiment of the present invention.
Fig. 3 is a flowchart illustrating a message processing method applied to a communication device according to an embodiment of the present invention.
Fig. 4 is a schematic flowchart illustrating a message processing method applied to a communication device according to an embodiment of the present invention.
Fig. 5 is a schematic diagram illustrating a tunnel forwarding table according to an embodiment of the present invention.
Fig. 6 is a schematic diagram illustrating another tunnel forwarding table provided in an embodiment of the present invention.
Fig. 7 is a flowchart illustrating a communication device processing a request packet according to an embodiment of the present invention.
Fig. 8 is a schematic flowchart illustrating a message processing method applied to a communication device according to an embodiment of the present invention.
Fig. 9 is a flowchart illustrating a message processing method applied to an application container engine according to an embodiment of the present invention.
Fig. 10 is a schematic diagram illustrating functional modules of a message processing apparatus according to an embodiment of the present invention.
Icon: 100-a communication device; 200-a server; 300-external terminal equipment; 400-a network; 500-application container engine; 600-a message processing apparatus; 110-a memory; 120-a processor; 130-a communication interface; 610-message receiving module; 620-ciphertext parsing module; 630-tunnel forwarding table establishment module; 640-message processing module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Fig. 1 is a schematic application environment diagram of a message processing method and device according to an embodiment of the present invention. The communication apparatus 100 and the server 200 communicate with each other by establishing a GRE tunnel, and the communication apparatus 100 and the external terminal apparatus 300 establish a network 400 therebetween and communicate with each other via the network 400. In this embodiment, the server 200 includes a plurality of Virtual Machines (VMs), e.g., Virtual device 1, …, and Virtual device N, each of which establishes a different GRE tunnel, e.g., GRE tunnel T, with the communication device 100 for communication respectively1… GRE tunnel TN(ii) a An application container engine 500 runs on each virtual device, the application container engine 500 can send messages to the communication device 100 through a GRE tunnel between the virtual device and the communication device 100, the external terminal device 300 can also send messages to the communication device 100 through the network 400, and the communication device 100 can forward the messages from the application container engine 500 and the messages from the external terminal device 300.
In this embodiment, the network 400 may be an MPLS L3VPN network; the communication device 100 may be a router, a gateway, or the like; the server 200 may be understood as a Virtual Private Cloud (VPC) device of an enterprise, that is, a device of an intranet of the enterprise; the external terminal device 300 may be understood as a device stored in an Internet Data Center (IDC), that is, an external network device, which may be a network server, a database server, a cloud server, or the like.
Fig. 2 is a block diagram of a communication device 100 according to an embodiment of the present invention. The communication device 100 may include a memory 110, a processor 120, and a communication interface 130, the memory 110, the processor 120, and the communication interface 130 being electrically connected to each other, directly or indirectly, to enable transmission or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The message processing apparatus 600 includes at least one software functional module which can be stored in the memory 110 in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the communication device 100. The memory 110 may be used to store software programs and modules, such as program instructions/modules corresponding to the message processing method and apparatus provided in the embodiments of the present invention, and the processor 120 executes the software programs and modules stored in the memory 110, so as to execute various functional applications and data processing. The communication interface 130 may be used for communicating signaling or data with other node devices.
The Memory 110 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (Read Only Memory,
ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
The processor 120 may be an integrated circuit chip having signal processing capabilities. The Processor 120 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP)), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components.
It will be appreciated that the configuration shown in fig. 2 is merely illustrative and that the communication device 100 may also include more or fewer components than shown in fig. 2 or have a different configuration than shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
The embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by the processor 120, the message processing method disclosed in the embodiment of the present invention is implemented.
Fig. 3 is a schematic flow chart of a message processing method according to an embodiment of the present invention. It should be noted that, the message processing method according to the embodiment of the present invention is not limited by the specific sequence shown in fig. 3 and described below, and it should be understood that, in other embodiments, the sequence of some steps in the message processing method according to the embodiment of the present invention may be interchanged according to actual needs, or some steps in the message processing method may be omitted or deleted. The message processing method can be applied to the communication device 100, and the specific flow shown in fig. 3 will be described in detail below.
Step S101, after the virtual device establishes a tunnel with the communication device 100, receiving a message sent by an application container engine 500 running on the virtual device, where the message includes ciphertext identification information of the application container engine 500, an address of the virtual device, and a destination address.
In this embodiment, after the virtual device on the server 200 establishes the GRE tunnel with the communication device 100, the application container engine 500 running on the virtual device may send a message to the communication device 100 through the GRE tunnel, and the communication device 100 forwards the message to the corresponding external terminal device 300. The message sent by the application container engine 500 to the communication device 100 is a GRE message obtained by GRE encapsulating an original message by the application container engine 500, and GRE encapsulating refers to adding a GRE message header to the original message, that is, the GRE message includes two parts, namely, the original message and the GRE message header.
In this embodiment, in order to protect the security of the intranet information and facilitate that the communication device 100 can accurately determine the application container engine 500 corresponding to the request message when receiving the request message from the external terminal device 300, the application container engine 500 sends the GRE message to the communication device 100, and ciphertext identification information obtained by encrypting the identification information of the application container engine 500 is stored in a header of the GRE message, so that the identification information of the application container engine 500 is sent to the communication device 100 in a form of a ciphertext, and an address of a virtual device where the application container engine 500 is currently located is used as a source address of the message. Therefore, in the GRE packet received by the communication device 100 from the GRE tunnel, the original packet at least includes the address (i.e., source address) and destination address of the virtual device, and the header of the GRE packet should include the ciphertext identification information of the application container engine 500. The application container engine 500 may encrypt the identification information of the application container engine 500 by using a preconfigured private key (e.g., "text"), to obtain ciphertext identification information of the application container engine 500, and store the ciphertext identification information of the application container engine 500 in one of fields (e.g., key field) of the GRE header.
It should be noted that, in this embodiment, the identification information of the application container engine 500 may be an address of the application container engine 500, a virtual local area network tag (VLAN tag), ID information of the application container engine 500 on the virtual device, and the like, as long as the identification information can uniquely identify the application container engine 500 in the virtual device.
Step S102, parsing the ciphertext identification information of the application container engine 500 according to a preconfigured private key, to obtain the identification information of the application container engine 500.
In this embodiment, the private key on the communication device 100 can be configured by the user by entering a configuration command, and the configured private key should be the same as the private key employed by the application container engine 500 to encrypt the identification information. For example, the configuration command may be "GRE with-unaddress key text", the communication device 100 may extract the private key "text" according to the configuration command, and after receiving the GRE packet sent by the application container engine 500, analyze the ciphertext identification information of the application container engine 500 stored in the GRE packet header by using the private key "text", thereby obtaining the identification information of the application container engine 500.
Step S103, sending the request packet received from the external terminal device 300 to the application container engine 500 through the virtual device according to the identification information of the application container engine 500, the address of the virtual device, and the destination address.
As shown in fig. 4, in this embodiment, after the communication device 100 obtains the identification information of the application container engine 500 by parsing the GRE packet sent by the application container engine 500, the processing method further includes:
step S11, add a routing index in the tunnel forwarding table according to the identification information of the application container engine 500, the address of the virtual device, and the destination address.
In this embodiment, after the communication device 100 obtains the GRE packet, the address and the destination address of the corresponding virtual device may be obtained according to the original packet of the GRE packet, the ciphertext identification information of the application container engine 500 stored in the key field of the GRE packet header is analyzed by using the private key to obtain the identification information of the application container engine 500, and a routing index is added in the tunnel forwarding table according to the identification information of the application container engine 500, the address of the virtual device, and the destination address, so that the dynamic establishment of the tunnel forwarding table is realized, the private IP address of the application container engine 500 is used as the identification information of the application container engine 500, and an example is given to further explain the process of dynamically establishing the tunnel forwarding table by the communication device 100. In the application environment described in fig. 1, when the communication device 100 receives the application container engine 500 on the virtual device 1, it passes through the GRE tunnel T1When sending the GRE packet, the communication device 100 analyzes the original packet in the GRE packet to obtain the address "2.2.2.2" and the destination address "3.3.3.3" of the virtual device 1, and uses the pre-configured private key "text" to store the key field of the GRE packet headerThe ciphertext identification information of the container engine 500 is used for analyzing to obtain the identification information "1.1.1.1" of the application container engine 500, a routing index can be obtained according to the identification information "1.1.1.1" of the application container engine 500, the address "2.2.2.2" of the virtual device 1 and the destination address "3.3.3.3", and a tunnel forwarding table as shown in fig. 5 is established, where only one routing index exists in the tunnel forwarding table. When the communication device 100 receives the application container engine 500 on the virtual device N through the GRE tunnel TNWhen sending the GRE packet, the communication device 100 obtains the address "n.n.n.n" and the destination address "4.4.4.4" of the virtual device N according to the original packet in the GRE packet, analyzes the ciphertext identification information of the application container engine 500 stored in the key field of the GRE packet header by using the preconfigured private key "text" to obtain the identification information "1.1.1.2" of the application container engine 500, and adds a routing index in the tunnel forwarding table shown in fig. 5 according to the identification information "1.1.1.2" of the application container engine 500, the address "n.n.n.n" of the virtual device N, and the destination address "4.4.4.4" to establish the tunnel forwarding table shown in fig. 6, where the tunnel forwarding table includes two routing indexes. It should be noted that the tunnel interface in the tunnel forwarding table shown in fig. 5 and fig. 6 refers to an interface where the communication apparatus 100 receives the GRE packet, that is, the communication apparatus 100 receives the GRE tunnel T through the tunnel interface Tun11For the transmitted GRE message, the communication device 100 receives the GRE tunnel T through the tunnel interface TunNNAnd (4) transmitting the GRE message.
In this embodiment, after receiving the message sent by the application container engine 500, the communication device 100 may forward the message to the corresponding external terminal device 300 according to the destination address of the message; when the communication device 100 receives the request packet sent by the external terminal device 300, the request packet received from the external terminal device 300 is sent to the application container engine 500 through the virtual device according to the routing index.
As shown in fig. 7, in this embodiment, for a request packet sent by any external terminal device 300, the communication device 100 needs to first determine whether a target routing index corresponding to the request packet exists in a tunnel forwarding table so as to determine a processing policy of the request packet, and the specific flow is as follows:
in step S201, when receiving a request message from the external terminal device 300, a source address and a destination address of the request message are obtained.
Step S202, judging whether a target routing index corresponding to the request message exists in the tunnel forwarding table according to the source address and the destination address of the request message.
In this embodiment, after receiving the request message from the external terminal device 300, the communication device 100 parses the source address and the destination address in the request message, and matches the source address and the destination address with the routing index in the tunnel forwarding table to determine whether there is a target routing index corresponding to the request message. For example, when the source address in the request message is "3.3.3.3" and the destination address is "2.2.2.2", the first route index in the tunnel forwarding table shown in fig. 6 may be matched, so that the first route index is determined as the target route index corresponding to the request message; when the source address in the request message is "5.5.5.5" and the destination address is "2.2.2.2", it is determined that the source address and the destination address do not match each routing index in the tunnel forwarding table shown in fig. 6, and it is determined that a destination routing index corresponding to the request message does not exist in the tunnel forwarding table. When judging that the target routing index corresponding to the request message exists in the tunnel forwarding table, executing step S203; and when judging that the target routing index corresponding to the request message does not exist in the tunnel forwarding table, executing the step S204.
Step S203, when the target routing index exists in the tunnel forwarding table, according to the identification information of the application container engine 500 in the target routing index and the address of the virtual device in the target routing index, sending the request packet received from the external terminal device 300 to the application container engine 500 through the virtual device.
In this embodiment, when the target routing index exists in the tunnel forwarding table, the communication device 100 may process the request packet by using two processing manners: first, the communication device 100 needs to encrypt the identification information of the application container engine 500 and then place the encrypted identification information in the key field of the GRE packet header; second, the communication device 100 directly modifies the destination address in the request message to the identification information of the application container engine 500.
When the first processing manner is adopted, the step S203 specifically includes: encrypting the identification information of the application container engine 500 in the target routing index by using the private key to obtain ciphertext identification information of the application container engine 500, encapsulating the request message to add a new message header to the request message, adding the ciphertext identification information of the application container engine 500 to the new message header to obtain a first message to be sent, sending the first message to be sent to corresponding virtual equipment according to the address of the virtual equipment in the target routing index, so that the virtual equipment analyzes the first message to be sent to obtain the identification information of the application container engine 500, and sending the request message to the application container engine 500 according to the identification information of the application container engine 500.
For example, when it is determined that the first routing index is the target routing index corresponding to the request packet in the tunnel forwarding table shown in fig. 6, the communication device 100 encrypts the identification information "1.1.1.1" of the application container engine 500 in the target routing index by using the private key "text" to obtain the ciphertext identification information of the application container engine 500, performs GRE encapsulation on the request packet to add a new packet header (i.e., GRE packet header) to the request packet, and adds the ciphertext identification information of the application container engine 500 to the key field of the new packet header for storage to obtain a first packet to be sent, where the first packet to be sent includes two parts, namely, the new packet header and the request packet; the communication device 100 sends the first to-be-sent message to the corresponding virtual device (i.e., the virtual device 1) according to the address "2.2.2.2" of the virtual device in the target routing index, and after receiving the first to-be-sent message, the virtual device 1 analyzes the key field of the new header in the first to-be-sent message by using the private key "text" to obtain the identification information "1.1.1.1" of the application container engine 500, and sends the request message in the first to-be-sent message to the application container engine 500 whose identification information is "1.1.1.1".
When the second processing manner is adopted, the step S203 specifically includes: and taking the identification information of the application container engine 500 in the target routing index as a new destination address of the request message to obtain a new request message, encapsulating the new request message to obtain a second message to be sent, and sending the second message to be sent to the corresponding virtual device according to the address of the virtual device in the target routing index, so that the virtual device sends the new request message to the application container engine 500 according to the new destination address.
For example, when it is determined that the first route index is the destination route index corresponding to the request packet in the tunnel forwarding table shown in fig. 6, the communication device 100 uses the identification information "1.1.1.1" of the application container engine 500 in the destination route index as the new destination address of the request packet, so as to obtain a new request packet. That is, the communication device 100 directly modifies the destination address of the request packet from "2.2.2.2" to the identification information "1.1.1.1" of the application container engine 500, so that "1.1.1.1" becomes the new destination address of the request packet, and therefore the difference between the request packet and the new request packet is only the change of the destination address. After the communication device 100 completes the modification of the destination address, GRE encapsulation is performed on the obtained new request message to obtain a second message to be sent, where the second message to be sent also includes two parts, namely a GRE message header and a new request message, but the GRE message header of the second message to be sent does not store the ciphertext identification information of the application container engine 500. The communication device 100 sends the second message to be sent to the corresponding virtual device (i.e. the virtual device 1) according to the address "2.2.2.2" of the virtual device in the target route index, and after receiving the second message to be sent, the virtual device 1 sends the new request message to the application container engine 500 with the identification information "1.1.1.1" according to the new destination address "1.1.1" of the new request message in the second message to be sent.
It can be seen that, when the second processing mode is used to process the request packet, the communication device 100 directly uses the identification information of the application container engine 500 as the new destination address of the request packet, so that after the virtual device receives the second packet to be sent, the virtual device does not need to use the private key "text" to analyze the GRE packet header of the second packet to be sent to obtain the identification information of the application container engine 500, and thus the pressure on the virtual device can be effectively reduced.
Step S204, when the target routing index does not exist in the tunnel forwarding table, discarding the request packet or sending the request packet to the virtual device so that the virtual device broadcasts the request packet to all application container engines 500 running on the virtual device.
In this embodiment, when the target routing index does not exist in the tunnel forwarding table, it indicates that the external terminal device 300 is actively sending the request packet for the first time, at this time, the communication device 100 has not recorded the routing information about the external terminal device 300 yet, after parsing out the destination address "2.2.2" and the source address "5.5.5.5" of the request packet, the communication device 100 cannot match the target routing index in the tunnel forwarding table, and in this case, the communication device 100 may also process the request packet in two processing manners.
When the first processing manner is adopted, the step S204 specifically includes: encrypting a preset broadcast address by using the private key to obtain a ciphertext broadcast address; packaging the request message to add a new message header to the request message, and adding the ciphertext broadcast address to the new message header to obtain a third message to be sent; and sending the third message to be sent to the corresponding virtual device according to the destination address of the request message, so as to request the virtual device to broadcast the request message to all application container engines 500 running on the virtual device through the third message to be sent.
For example, the communication device 100 encrypts a preset broadcast address "255.255.255.255" by using a private key "text" to obtain a ciphertext broadcast address, and after GRE encapsulation is performed on the request message to add a new message header (i.e., GRE message header) to the request message, places the ciphertext broadcast address into a key field of the new message header to obtain a third message to be sent, where the third message to be sent includes the new message header and the request message, and the ciphertext broadcast address is stored in the new message header of the third message to be sent; the communication device 100 sends the third message to be sent to the corresponding virtual device (i.e., the virtual device 1) according to the destination address "2.2.2.2" in the request message, and requests the virtual device 1 to broadcast the request message in the third message to be sent to all the application container engines 500 running on the virtual device 1 through the ciphertext broadcast address stored in the new header of the third message to be sent. It should be noted that, after receiving the third message to be sent and analyzing the key field in the new header by using the private key "text" to obtain the broadcast address "255.255.255.255", the virtual device 1 may set whether to broadcast the request message to all application container engines 500 running thereon according to actual application requirements, which is not limited in this application.
When the second processing manner is adopted, the step S204 specifically includes: and discarding the request message. That is, the communication device 100 uniformly discards the request message actively sent for the first time by the external terminal device 300 in the external network, and does not forward the request message, thereby effectively protecting the intranet information from being attacked and providing a guarantee for the security of the intranet information.
In this embodiment, the steps S201 to S204 may be executed before or after any step shown in fig. 3, or may be executed simultaneously with any step shown in fig. 3, which is not limited in this application.
As can be seen, in the present application, when receiving a request packet from the external terminal device 300, the communication device 100 determines a processing policy corresponding to the request packet by determining whether a target routing index corresponding to the request packet exists in a tunnel forwarding table, so as to implement policy-based communication with the application container engine 500, thereby effectively protecting an intranet from being violated. Further, as shown in fig. 8, the message processing method further includes:
step S104, when the communication device 100 does not forward the packet according to the route index in the tunnel forwarding table within a preset time, deleting the route index.
In this embodiment, the preset time is an aging time of the route index configured in advance by the user, taking the tunnel forwarding table shown in fig. 6 as an example, when the communication device 100 does not forward a packet according to the first route index in the tunnel forwarding table within the preset time, the communication device 100 needs to age the first route index in the tunnel forwarding table, that is, delete the first route index; similarly, when the communication device 100 does not forward the packet according to the second routing index in the tunnel forwarding table within the preset time, the communication device 100 needs to delete the second routing index in the tunnel forwarding table. It should be noted that, in this embodiment, the aging times corresponding to all the route indexes in the tunnel forwarding table may be the same or different, and this application does not limit this.
Still referring to fig. 8, the message processing method further includes:
step S105, when the application container engine 500 runs on another virtual device of the server 200 due to a failure of the currently running virtual device, updating the address of the virtual device in the routing index to the address of the other virtual device.
In this embodiment, the application container engine 500 may be started and run on different virtual devices. For example, when the virtual device 1 fails, in order to ensure that the service of the application container engine 500 is not affected, the application container engine 500 running on the virtual device 1 may start and run other virtual devices (e.g., the virtual device 2, the virtual device 3, etc.) on the server 200 except for the virtual device 1; when the application container engine 500 is started and run from the virtual device 2, the communication device 100 needs to update the address of the virtual device corresponding to the application container engine 500 in the tunnel forwarding table, that is, update the address "2.2.2.2" (i.e., the address of the virtual device 1) of the virtual device in the first routing index to the address (e.g., "6.6.6.6") of the virtual device 2, so as to dynamically implement the update of the tunnel forwarding table.
It can be seen that, in the present application, the communication device 100 implements dynamic establishment, update, and dynamic aging of a tunnel forwarding table according to a GRE packet sent by the application container engine 500, thereby avoiding the disadvantages that manual configuration of a static tunnel forwarding table is too cumbersome and the static tunnel forwarding table is not easily changed, and effectively improving the packet forwarding efficiency compared with a manually configured static tunnel forwarding table.
Fig. 9 is a schematic flow chart of another message processing method according to an embodiment of the present invention. The message processing method is applied to the application container engine 500 of the virtual device, and includes:
step S301, after the virtual device establishes a tunnel with the communication device 100, encrypt the identification information of the application container engine 500 by using a pre-configured private key to obtain the ciphertext identification information of the application container engine 500.
In this embodiment, after the virtual device and the communication device 100 establish the GRE tunnel, if the application container engine 500 running on the virtual device wants to send a packet, the identification information of the application container engine 500 is encrypted by using a pre-configured private key (e.g., "text"), so as to obtain the ciphertext identification information of the application container engine 500.
Step S302, sending a message to the communication device 100, where the message includes the ciphertext identification information of the application container engine 500, the address of the virtual device, and the destination address, so that the communication device 100 obtains the identification information of the application container engine 500 by analyzing the ciphertext identification information of the application container engine 500 through the private key, and sends a request message received from the external terminal device 300 to the application container engine 500 through the virtual device according to the identification information of the application container engine 500, the address of the virtual device, and the destination address.
In this embodiment, before the application container engine 500 sends a message to the communication device 100, GRE encapsulation is performed on an original message to be sent, so as to obtain a GRE message, where the GRE message includes two parts, namely, an original message to be sent by the application container engine 500 and a GRE message header. In order to protect the security of the intranet information, the application container engine 500 uses the address of the virtual device as the source address of the packet, and places the encrypted ciphertext identification information in a certain field of the GRE packet header (for example, the key field of the GRE packet header), so that the identification information of the application container engine 500 is sent to the communication device 100 through the GRE tunnel together with the original packet in the form of the ciphertext. That is, when the application container engine 500 sends a message, it informs the communication device 100 of its own identification information in an encrypted manner, so as to effectively protect the security of the intranet information.
Therefore, the message sent by the application container engine 500 to the communication device 100 includes at least the ciphertext identification information of the application container engine 500, the address of the virtual device (i.e., the source address) and the destination address (i.e., the address of the external terminal device 300), so that the communication device 100 can add a routing index in the tunnel forwarding table according to the address and destination address of the virtual device and the identification information obtained by parsing the ciphertext identification information, so that when receiving the request message of the external terminal device 300, the request message is sent to the corresponding virtual device according to the routing index, and the identification information of the application container engine 500 in the routing index is sent to the virtual device together with the request message in the form of a ciphertext, the virtual device can send the request message to the corresponding application container engine 500 after analyzing the identification information of the application container engine 500.
Fig. 10 is a schematic functional module diagram of a message processing apparatus 600 according to an embodiment of the present invention. It should be noted that the basic principle and the generated technical effect of the message processing apparatus 600 provided in the present embodiment are the same as those of the foregoing method embodiments, and for a brief description, reference may be made to corresponding contents in the foregoing method embodiments for a part not mentioned in the present embodiment. The message processing apparatus 600 is applied to the communication device 100, and includes a message receiving module 610, a ciphertext parsing module 620, a tunnel forwarding table establishing module 630, and a message processing module 640.
The message receiving module 610 is configured to receive a message sent by an application container engine 500 running on the virtual device after the virtual device establishes a tunnel with the communication device 100, where the message includes ciphertext identification information of the application container engine 500, an address of the virtual device, and a destination address.
It is understood that the message receiving module 610 may execute the step S101.
The ciphertext parsing module 620 is configured to parse the ciphertext identification information of the application container engine 500 according to a preconfigured private key, so as to obtain the identification information of the application container engine 500.
It is understood that the ciphertext parsing module 620 may perform step S102.
The tunnel forwarding table establishing module 630 is configured to add a routing index in the tunnel forwarding table according to the identification information of the application container engine 500, the address of the virtual device, and the destination address.
In this embodiment, the tunnel forwarding table establishing module 630 is further configured to delete the route index when the communication device 100 does not forward the packet according to the route index in the tunnel forwarding table within a preset time; when the application container engine 500 runs on other virtual devices of the server 200 due to a failure of a currently running virtual device, the addresses of the virtual devices in the routing index are updated to the addresses of the other virtual devices.
It is understood that the tunnel forwarding table establishing module 630 may perform the steps S11, S104 and S105.
The message processing module 640 is configured to send a request message received from the external terminal device 300 to the application container engine 500 through the virtual device according to the identification information of the application container engine 500, the address of the virtual device, and the destination address.
In this embodiment, the message processing module 640 is configured to, when receiving a request message from an external terminal device 300, obtain a source address and a destination address of the request message, determine whether a target routing index corresponding to the request message exists in the tunnel forwarding table according to the source address and the destination address of the request message, and, when the target routing index exists in the tunnel forwarding table, send the request message received from the external terminal device 300 to the application container engine 500 through a virtual device according to identification information of the application container engine 500 in the target routing index and an address of the virtual device in the target routing index; when the target routing index does not exist in the tunnel forwarding table, discarding the request packet or sending the request packet to the virtual device so that the virtual device broadcasts the request packet to all application container engines 500 running on the virtual device.
When the target routing index exists in the tunnel forwarding table, the message processing module 640 may process the request message in two processing manners. The first processing mode is as follows: the message processing module 640 encrypts the identification information of the application container engine 500 in the target routing index by using the private key to obtain ciphertext identification information of the application container engine 500, packages the request message to add a new message header to the request message, adds the ciphertext identification information of the application container engine 500 to the new message header to obtain a first message to be sent, sends the first message to be sent to a corresponding virtual device according to an address of the virtual device in the target routing index, so that the virtual device analyzes the first message to be sent to obtain the identification information of the application container engine 500, and sends the request message to the application container engine 500 according to the identification information of the application container engine 500; the second processing mode is as follows: the message processing module 640 uses the identification information of the application container engine 500 in the target routing index as a new destination address of the request message to obtain a new request message, packages the new request message to obtain a second message to be sent, and sends the second message to be sent to the corresponding virtual device according to the address of the virtual device in the target routing index, so that the virtual device sends the new request message to the application container engine 500 according to the new destination address.
When the target routing index does not exist in the tunnel forwarding table, the message processing module 640 may also process the request message by using two processing methods. The first processing mode is as follows: the message processing module 640 encrypts a preset broadcast address by using the private key to obtain a ciphertext broadcast address, packages the request message to add a new message header to the request message, adds the ciphertext broadcast address to the new message header to obtain a third message to be sent, sends the third message to be sent to corresponding virtual equipment according to a destination address of the request message, and requests the virtual equipment to broadcast the request message to all application container engines 500 running on the virtual equipment through the third message to be sent; the second processing mode is as follows: the message processing module 640 discards the request message.
It is understood that the message processing module 640 can execute the steps S103, S201, S202, S203 and S204.
To sum up, in the message processing method, the device, the communication device, and the computer-readable storage medium provided in the embodiments of the present invention, after a tunnel is established between a virtual device and the communication device, a message sent by an application container engine running on the virtual device is received, where the message includes ciphertext identification information of the application container engine, an address of the virtual device, and a destination address, the ciphertext identification information of the application container engine is analyzed according to a pre-configured private key to obtain identification information of the application container engine, a routing index is added in a tunnel forwarding table according to the identification information of the application container engine, the address of the virtual device, and the destination address, and a request message received from an external terminal device is sent to the application container engine through the virtual device according to the routing index. In the application, when the application container engine sends the message, the identification information of the application container engine is sent to the communication equipment in a ciphertext mode, so that the safety of intranet information is effectively protected; the communication equipment obtains the identification information of the application container engine by analyzing the ciphertext identification information, dynamically establishes a tunnel forwarding table according to the identification information of the application container engine, the address of the virtual equipment and the destination address of the message, and dynamically realizes the updating and aging of the tunnel forwarding table, thereby effectively improving the forwarding efficiency in the forwarding process of the message and avoiding the defects that the static tunnel forwarding table is too complicated and is difficult to change by manually configuring the static tunnel forwarding table in the prior art; in addition, when receiving a request message of an external terminal device, the communication device determines a processing strategy corresponding to the request message by judging whether a target routing index corresponding to the request message exists in a tunnel forwarding table, so that the communication device communicates with an application container engine in a strategic manner, and an intranet is effectively protected from being invaded.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, device or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, devices and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only an alternative embodiment of the present invention and is not intended to limit the present invention, and various modifications and variations of the present invention may occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

Claims (11)

1. A message processing method is applied to a communication device, the communication device is communicated with a plurality of virtual devices, and each virtual device runs an application container engine, and the method is characterized by comprising the following steps:
after the virtual device and the communication device establish a tunnel, receiving a message sent by an application container engine running on the virtual device, wherein the message comprises ciphertext identification information of the application container engine, an address of the virtual device and a destination address;
analyzing the ciphertext identification information of the application container engine according to a preset private key to obtain the identification information of the application container engine;
and sending a request message received from an external terminal device to the application container engine through the virtual device according to the identification information of the application container engine, the address of the virtual device and the destination address.
2. The message processing method of claim 1, wherein the method further comprises:
adding a routing index in a tunnel forwarding table according to the identification information of the application container engine, the address of the virtual device and the destination address;
the sending, by the virtual device, the request packet received from the external terminal device to the application container engine according to the identification information of the application container engine, the address of the virtual device, and the destination address, includes:
and sending a request message received from an external terminal device to the application container engine through the virtual device according to the routing index.
3. The message processing method according to claim 2, wherein there is one application container engine running on each of the virtual devices, and the sending of the request message received from the external terminal device to the application container engine through the virtual device according to the routing index includes:
when a request message of an external terminal device is received, judging whether a target routing index corresponding to the request message exists in the tunnel forwarding table according to a source address and a destination address of the request message;
and when the target routing index exists in the tunnel forwarding table, sending a request message received from an external terminal device to the application container engine through the virtual device according to the identification information of the application container engine in the target routing index and the address of the virtual device in the target routing index.
4. The message processing method according to claim 3, wherein the sending the request message received from the external terminal device to the application container engine through the virtual device according to the identification information of the application container engine in the target routing index and the address of the virtual device in the target routing index comprises:
encrypting the identification information of the application container engine in the target routing index by using the private key to obtain ciphertext identification information of the application container engine;
packaging the request message to add a new message header to the request message, and adding the ciphertext identification information of the application container engine to the new message header to obtain a first message to be sent;
and sending the first message to be sent to the corresponding virtual equipment according to the address of the virtual equipment in the target routing index, so that the virtual equipment can analyze the first message to be sent to obtain the identification information of the application container engine, and sending the request message to the application container engine according to the identification information of the application container engine.
5. The message processing method according to claim 3, wherein the sending the request message received from the external terminal device to the application container engine through the virtual device according to the identification information of the application container engine in the target routing index and the address of the virtual device in the target routing index comprises:
taking the identification information of the application container engine in the target routing index as a new destination address of the request message to obtain a new request message;
packaging the new request message to obtain a second message to be sent;
and sending the second message to be sent to the corresponding virtual device according to the address of the virtual device in the target routing index, so that the virtual device sends the new request message to the application container engine according to the new destination address.
6. The message processing method of claim 2, wherein the method further comprises:
and when the communication equipment does not forward the message according to the routing index in the tunnel forwarding table within the preset time, deleting the routing index.
7. The message processing method of claim 2, wherein the method further comprises:
and when the application container engine runs on other virtual equipment due to the failure of the currently running virtual equipment, updating the address of the virtual equipment in the routing index to the address of the other virtual equipment.
8. A message processing method is applied to an application container engine of a virtual device, wherein the virtual device is communicated with a communication device, and the method comprises the following steps:
after the virtual device and the communication device establish a tunnel, encrypting the identification information of the application container engine by using a preset private key to obtain ciphertext identification information of the application container engine;
and sending a message to the communication equipment, wherein the message comprises the ciphertext identification information of the application container engine, the address and the destination address of the virtual equipment, so that the communication equipment can analyze the ciphertext identification information of the application container engine through the private key to obtain the identification information of the application container engine, and send a request message received from external terminal equipment to the application container engine through the virtual equipment according to the identification information of the application container engine, the address of the virtual equipment and the destination address.
9. A message processing apparatus applied to a communication device, the communication device communicating with a plurality of virtual devices, each of the virtual devices having an application container engine running thereon, the apparatus comprising:
a message receiving module, configured to receive a message sent by an application container engine running on the virtual device after a tunnel is established between the virtual device and the communication device, where the message includes ciphertext identification information of the application container engine, an address of the virtual device, and a destination address;
the ciphertext analysis module is used for analyzing the ciphertext identification information of the application container engine according to a preset private key to obtain the identification information of the application container engine;
and the message processing module is used for sending a request message received from external terminal equipment to the application container engine through the virtual equipment according to the identification information of the application container engine, the address of the virtual equipment and the destination address.
10. A computer-readable storage medium, on which a computer program is stored which, when read and executed by a processor, implements the method according to any one of claims 1 to 7.
11. A communication device, comprising a computer readable storage medium storing a computer program and a processor, the computer program being read and executed by the processor to implement the method according to any of claims 1-7.
CN201810803037.6A 2018-07-20 2018-07-20 Message processing method and device, communication equipment and computer readable storage medium Active CN109150684B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810803037.6A CN109150684B (en) 2018-07-20 2018-07-20 Message processing method and device, communication equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810803037.6A CN109150684B (en) 2018-07-20 2018-07-20 Message processing method and device, communication equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109150684A CN109150684A (en) 2019-01-04
CN109150684B true CN109150684B (en) 2021-04-06

Family

ID=64801326

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810803037.6A Active CN109150684B (en) 2018-07-20 2018-07-20 Message processing method and device, communication equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109150684B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109871277B (en) * 2019-01-22 2021-03-16 普联技术有限公司 Inter-process multi-request management method and device, terminal equipment and readable storage medium
CN112291165A (en) * 2019-07-24 2021-01-29 中兴通讯股份有限公司 Message processing method, switch and computer readable storage medium
CN112787903B (en) * 2020-12-24 2022-03-11 郑州信大捷安信息技术股份有限公司 Multi-protocol VPN gateway fusion system and method
CN112769648B (en) * 2020-12-31 2022-08-19 苏州盛科通信股份有限公司 Information updating method and device, storage medium and electronic device
CN115883454A (en) * 2021-09-27 2023-03-31 中兴通讯股份有限公司 Wireless power terminal, route setting method thereof, and storage medium
CN114157611B (en) * 2021-12-15 2023-12-08 苏州盛科通信股份有限公司 Message de-duplication method, device and storage medium
CN114285675B (en) * 2022-03-07 2022-07-12 杭州优云科技有限公司 Message forwarding method and device
CN114968088B (en) * 2022-04-08 2023-09-05 中移互联网有限公司 File storage method, file reading method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106133688A (en) * 2014-03-28 2016-11-16 亚马逊技术有限公司 Coordinate the enforcement of the service of container layout and execution
CN107066874A (en) * 2017-04-18 2017-08-18 北京元心科技有限公司 Method and device for interactively verifying information between container systems
CN107580074A (en) * 2017-10-24 2018-01-12 北京无字天书科技有限公司 One kind is without master control gateway formula access method for equalizing load
CN108111469A (en) * 2016-11-24 2018-06-01 阿里巴巴集团控股有限公司 A kind of method and apparatus for establishing escape way in the cluster

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10318318B2 (en) * 2016-02-26 2019-06-11 Red Hat, Inc. Extending user interface of a web console

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106133688A (en) * 2014-03-28 2016-11-16 亚马逊技术有限公司 Coordinate the enforcement of the service of container layout and execution
CN108111469A (en) * 2016-11-24 2018-06-01 阿里巴巴集团控股有限公司 A kind of method and apparatus for establishing escape way in the cluster
CN107066874A (en) * 2017-04-18 2017-08-18 北京元心科技有限公司 Method and device for interactively verifying information between container systems
CN107580074A (en) * 2017-10-24 2018-01-12 北京无字天书科技有限公司 One kind is without master control gateway formula access method for equalizing load

Also Published As

Publication number Publication date
CN109150684A (en) 2019-01-04

Similar Documents

Publication Publication Date Title
CN109150684B (en) Message processing method and device, communication equipment and computer readable storage medium
US10348638B2 (en) Creating cross-service chains of virtual network functions in a wide area network
US11258701B2 (en) Method and device for interworking between service function chain domains
US10547692B2 (en) Adding cloud service provider, cloud service, and cloud tenant awareness to network service chains
US10148573B2 (en) Packet processing method, node, and system
US10516650B2 (en) Dynamic, user-configurable virtual private network
US8695059B2 (en) Method and system for providing network security services in a multi-tenancy format
US8713628B2 (en) Method and system for providing cloud based network security services
US20060112425A1 (en) Method and system for including security information with a packet
US11362947B2 (en) Interconnecting multiple separate openflow domains
US11522795B1 (en) End to end application identification and analytics of tunnel encapsulated traffic in the underlay
CN106878199B (en) Configuration method and device of access information
EP3125481B1 (en) Information transmission method, device and communication system
WO2016150205A1 (en) Method, device and system for processing vxlan message
US20180006842A1 (en) Access Layer-2 Virtual Private Network From Layer-3 Virtual Private Network
US11805049B2 (en) Communication method and communications device
CN113691490A (en) Method and device for checking SRv6 message
CN113950811B (en) Extending BGP protection for SR Path ingress protection
EP4287550A1 (en) Packet processing method, client end device, server end device, and computer-readable medium
US20130259057A1 (en) Pseudowire groups in a packet switched network
CN112994928B (en) Virtual machine management method, device and system
CN106169969B (en) Method, related equipment and system for establishing label switching path of virtual private network
CN114765567B (en) Communication method and communication system
CN114826672A (en) Encryption and decryption methods and devices of cloud network, computing node and system
CN110166359B (en) Message forwarding method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant